Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/jvvIL990XaTYxw-VeLqzvIrXD3A.roa
File:                     jvvIL990XaTYxw-VeLqzvIrXD3A.roa (raw, json)
Hash identifier:          PY+/8bk3/EQePvx/TRYxHScZnj5sFMK+3gBhhjytTLo=
Subject key identifier:   8E:FB:C8:2F:DF:74:5D:A4:D8:C7:0F:95:78:BA:B3:BC:8A:D7:0F:70
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       018DC60A22FA43607359D722ABB9C5CA1BD7
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/jvvIL990XaTYxw-VeLqzvIrXD3A.roa
Signing time:             Tue 20 Feb 2024 10:22:49 +0000
ROA not before:           Tue 20 Feb 2024 10:22:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216383
IP address blocks:        93.127.180.0/24 maxlen: 24
                          93.127.181.0/24 maxlen: 24
                          93.127.182.0/24 maxlen: 24
                          93.127.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:0a:22:fa:43:60:73:59:d7:22:ab:b9:c5:ca:1b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Feb 20 10:22:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8efbc82fdf745da4d8c70f9578bab3bc8ad70f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:26:c3:8c:b8:96:30:8d:a2:1c:04:d8:3e:e1:
                    22:82:6e:f6:80:5d:08:c5:5f:b6:58:fb:e3:ac:72:
                    56:df:b7:98:4d:dd:8b:1e:3d:c6:ca:59:92:e5:df:
                    41:6d:52:88:35:92:ff:89:0e:e8:8f:89:72:fe:88:
                    12:77:b3:15:03:99:b3:59:e7:08:32:88:b4:5a:a8:
                    22:c5:37:b4:33:95:45:43:dc:2b:25:80:c6:a2:ed:
                    5a:d3:78:15:9b:cb:0e:70:29:a6:65:fd:2b:86:fd:
                    07:be:70:2a:78:a9:8d:d9:02:f0:ca:6b:16:85:8d:
                    bc:1e:83:ed:60:67:49:67:38:f8:86:83:00:27:48:
                    ef:23:b3:9c:3f:40:e7:25:9f:09:67:fb:7f:92:ca:
                    e6:b5:38:ec:d5:ee:76:4c:86:81:66:5c:f8:c0:85:
                    94:29:09:b0:0a:3a:b2:23:04:4d:39:50:26:03:7b:
                    64:d3:c1:d8:ff:f5:0a:c7:03:dd:71:27:37:65:d5:
                    5a:b7:3e:7f:ac:cb:e9:66:ba:c0:43:7e:70:bf:3b:
                    cb:5c:7b:fa:33:c1:7a:54:0c:25:4c:ed:7f:db:84:
                    33:4f:3d:1f:d9:1b:ef:8f:f8:09:8e:7f:1e:06:98:
                    1c:dd:25:9d:47:49:e4:bc:d1:c5:37:b8:92:2e:e0:
                    76:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:FB:C8:2F:DF:74:5D:A4:D8:C7:0F:95:78:BA:B3:BC:8A:D7:0F:70
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/jvvIL990XaTYxw-VeLqzvIrXD3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.127.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:df:01:43:d3:5a:3b:f1:cd:cd:ff:48:16:96:2f:c0:d9:d4:
         33:5d:c5:17:c0:77:03:b7:48:6c:a3:a0:48:dc:9c:75:7b:35:
         94:2d:26:6f:25:94:27:c7:dd:5a:b5:b4:85:14:b7:bc:55:97:
         e1:21:0b:b1:71:f5:9b:ca:3d:47:f6:dd:05:6f:34:cf:15:db:
         9b:13:fe:04:45:43:a6:d8:37:da:6b:fb:2b:4b:ea:a0:8c:ea:
         59:1c:b1:b1:92:2c:71:39:bb:37:94:5d:01:86:bd:83:6b:54:
         3c:a5:9e:5b:b5:de:56:a6:eb:c9:8d:7b:1c:31:57:0f:13:ed:
         a0:5c:76:01:af:53:13:60:26:de:fa:23:8f:e2:d5:03:da:90:
         3f:4e:8d:74:3b:4a:ba:d4:96:02:11:46:7c:f9:5f:34:bc:65:
         04:60:87:b4:b7:e8:88:29:53:c8:2c:45:48:8a:d0:33:a1:c3:
         68:fb:c5:ff:c3:74:37:4d:b8:e6:a6:97:d4:b1:f6:c8:db:9d:
         98:1e:ef:6c:84:98:da:aa:3c:99:90:c8:2c:23:d1:d7:93:0b:
         0c:e5:9c:a7:4c:28:36:a0:24:5f:62:75:7a:70:e6:13:75:d8:
         fb:58:86:90:de:62:6f:aa:a6:86:a6:8d:d4:17:79:36:fd:e3:
         ce:6f:b5:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3GCiL6Q2BzWdciq7nFyhvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwMjIwMTAyMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWZiYzgyZmRmNzQ1ZGE0ZDhjNzBmOTU3OGJhYjNiYzhhZDcwZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSbDjLiWMI2iHATYPuEigm72gF0I
xV+2WPvjrHJW37eYTd2LHj3GylmS5d9BbVKINZL/iQ7oj4ly/ogSd7MVA5mzWecI
Moi0WqgixTe0M5VFQ9wrJYDGou1a03gVm8sOcCmmZf0rhv0HvnAqeKmN2QLwymsW
hY28HoPtYGdJZzj4hoMAJ0jvI7OcP0DnJZ8JZ/t/ksrmtTjs1e52TIaBZlz4wIWU
KQmwCjqyIwRNOVAmA3tk08HY//UKxwPdcSc3ZdVatz5/rMvpZrrAQ35wvzvLXHv6
M8F6VAwlTO1/24QzTz0f2Rvvj/gJjn8eBpgc3SWdR0nkvNHFN7iSLuB2xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI77yC/fdF2k2McPlXi6s7yK1w9wMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvanZ2SUw5OTBYYVRZeHctVmVMcXp2SXJYRDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXX+0MA0G
CSqGSIb3DQEBCwUAA4IBAQBS3wFD01o78c3N/0gWli/A2dQzXcUXwHcDt0hso6BI
3Jx1ezWULSZvJZQnx91atbSFFLe8VZfhIQuxcfWbyj1H9t0FbzTPFdubE/4ERUOm
2Dfaa/srS+qgjOpZHLGxkixxObs3lF0Bhr2Da1Q8pZ5btd5WpuvJjXscMVcPE+2g
XHYBr1MTYCbe+iOP4tUD2pA/To10O0q61JYCEUZ8+V80vGUEYIe0t+iIKVPILEVI
itAzocNo+8X/w3Q3TbjmppfUsfbI252YHu9shJjaqjyZkMgsI9HXkwsM5ZynTCg2
oCRfYnV6cOYTddj7WIaQ3mJvqqaGpo3UF3k2/ePOb7XX
-----END CERTIFICATE-----